WarLock ransomware has reportedly breached Colt and Hitachi, prompting an investigation and efforts to restore systems at Colt while cybersecurity experts examine the alleged data breach. A new ransomware group, WarLock, which emerged just two months ago, is seeking to establish its credibility by targeting prominent organizations. Recently, it added…
Date: May 28, 2025
Category: Ransomware / Data Breach
An Iranian national has acknowledged his involvement in a major ransomware and extortion operation linked to the Robbinhood ransomware in the U.S. Sina Gholinejad (also known as Sina Ghaaf), 37, along with his accomplices, infiltrated the computer networks of multiple U.S. organizations, encrypting files and demanding Bitcoin ransoms. Arrested in North Carolina in early January, Gholinejad pleaded guilty to charges of computer fraud and abuse, as well as conspiracy to commit wire fraud. He faces up to 30 years in prison, with his sentencing set for August 2025. The U.S. Department of Justice reported that these cyberattacks led to significant disruptions and financial losses exceeding $19 million for cities like Greenville, North Carolina, and Baltimore, Maryland.
Iranian Hacker Pleads Guilty in $19 Million Robbinhood Ransomware Attack on Baltimore May 28, 2025 In a significant development in the realm of cybersecurity, an Iranian national, Sina Gholinejad, has entered a guilty plea in the United States for his role in an extensive ransomware operation that leveraged the notorious…
Date: May 28, 2025
Category: Ransomware / Data Breach
An Iranian national has acknowledged his involvement in a major ransomware and extortion operation linked to the Robbinhood ransomware in the U.S. Sina Gholinejad (also known as Sina Ghaaf), 37, along with his accomplices, infiltrated the computer networks of multiple U.S. organizations, encrypting files and demanding Bitcoin ransoms. Arrested in North Carolina in early January, Gholinejad pleaded guilty to charges of computer fraud and abuse, as well as conspiracy to commit wire fraud. He faces up to 30 years in prison, with his sentencing set for August 2025. The U.S. Department of Justice reported that these cyberattacks led to significant disruptions and financial losses exceeding $19 million for cities like Greenville, North Carolina, and Baltimore, Maryland.
Microsoft Flags Storm-0501 as a Significant Threat in Hybrid Cloud Ransomware Operations
September 27, 2024
Ransomware / Cloud Security
Microsoft has identified the cyber group Storm-0501 as a noteworthy threat, targeting key sectors such as government, manufacturing, transportation, and law enforcement in the United States. Their sophisticated, multi-stage attack strategy is designed to infiltrate hybrid cloud environments, allowing attackers to move laterally from on-premises systems to the cloud. This approach leads to data exfiltration, credential theft, tampering, persistent backdoor access, and ransomware deployment. According to Microsoft’s threat intelligence team, Storm-0501 operates as a financially driven cybercriminal organization, utilizing both commodity and open-source tools for their ransomware activities. Active since 2021, they initially focused on educational institutions with the Sabbath ransomware before transitioning to a ransomware-as-a-service (RaaS) model, distributing various ransomware variants including Hive, BlackCat (ALPHV), Hunters International, LockBit, and Embargo ransomware.
Microsoft Flags Storm-0501 as Significant Threat in Hybrid Cloud Ransomware Incidents On September 27, 2024, Microsoft announced a notable increase in ransomware attacks orchestrated by the threat actor known as Storm-0501, which has predominantly targeted integral sectors such as government, manufacturing, transportation, and law enforcement across the United States. This…
Microsoft Flags Storm-0501 as a Significant Threat in Hybrid Cloud Ransomware Operations
September 27, 2024
Ransomware / Cloud Security
Microsoft has identified the cyber group Storm-0501 as a noteworthy threat, targeting key sectors such as government, manufacturing, transportation, and law enforcement in the United States. Their sophisticated, multi-stage attack strategy is designed to infiltrate hybrid cloud environments, allowing attackers to move laterally from on-premises systems to the cloud. This approach leads to data exfiltration, credential theft, tampering, persistent backdoor access, and ransomware deployment. According to Microsoft’s threat intelligence team, Storm-0501 operates as a financially driven cybercriminal organization, utilizing both commodity and open-source tools for their ransomware activities. Active since 2021, they initially focused on educational institutions with the Sabbath ransomware before transitioning to a ransomware-as-a-service (RaaS) model, distributing various ransomware variants including Hive, BlackCat (ALPHV), Hunters International, LockBit, and Embargo ransomware.
Joint Global Operation Leads to Arrests and Sanctions Against LockBit Ransomware and Evil Corp Members
October 3, 2024
Cybercrime / Ransomware
A coordinated international law enforcement effort has resulted in four arrests and the shutdown of nine servers associated with the LockBit (also known as Bitwise Spider) ransomware operation, targeting a once-prominent financially motivated cybercriminal group. Key developments include the apprehension of a suspected LockBit developer in France while on vacation outside Russia, the arrest of two individuals in the UK linked to an affiliate, and the capture of an administrator of a bulletproof hosting service in Spain used by the gang, according to Europol. Additionally, authorities have identified a Russian national, Aleksandr Ryzhenkov (known by several aliases including Beverley and Corbyn_Dallas), as a high-ranking member of the Evil Corp cybercrime group and a LockBit affiliate. Sanctions have been imposed on seven individuals and two entities connected to the e-crime organization. “The United States, in collaboration with our allies…”
LockBit Ransomware and Evil Corp Members Arrested in Global Law Enforcement Operation On October 3, 2024, a coordinated international law enforcement operation resulted in the arrest of four individuals and the dismantling of nine servers associated with the LockBit ransomware group, also known as Bitwise Spider. This initiative represents a…
Joint Global Operation Leads to Arrests and Sanctions Against LockBit Ransomware and Evil Corp Members
October 3, 2024
Cybercrime / Ransomware
A coordinated international law enforcement effort has resulted in four arrests and the shutdown of nine servers associated with the LockBit (also known as Bitwise Spider) ransomware operation, targeting a once-prominent financially motivated cybercriminal group. Key developments include the apprehension of a suspected LockBit developer in France while on vacation outside Russia, the arrest of two individuals in the UK linked to an affiliate, and the capture of an administrator of a bulletproof hosting service in Spain used by the gang, according to Europol. Additionally, authorities have identified a Russian national, Aleksandr Ryzhenkov (known by several aliases including Beverley and Corbyn_Dallas), as a high-ranking member of the Evil Corp cybercrime group and a LockBit affiliate. Sanctions have been imposed on seven individuals and two entities connected to the e-crime organization. “The United States, in collaboration with our allies…”
Cyberwarfare / Nation-State Attacks, Fraud Management & Cybercrime, Geo Focus: Asia Report: North Korean Hacking Group Incorporates Ransomware into Cyber Operations Chris Riotta (@chrisriotta) • August 14, 2025 Image: Shutterstock Recent findings from South Korean cybersecurity researchers have revealed a robust cyberattack campaign attributed to the North Korean hacker group…
June 28, 2025
Cybercrime / Vulnerability
The U.S. Federal Bureau of Investigation (FBI) has reported that the notorious cybercrime group Scattered Spider is expanding its focus to the airline industry. The agency is actively collaborating with aviation and industry partners to address these threats and assist affected organizations. “These perpetrators exploit social engineering tactics, often impersonating employees or contractors to trick IT help desks into granting unauthorized access,” the FBI stated on X. “Their methods frequently include bypassing multi-factor authentication (MFA), such as persuading help desk services to add unauthorized MFA devices to compromised accounts.” Scattered Spider is also known to target third-party IT providers, increasing the risk of attacks on trusted vendors and contractors. These incidents often lead to data theft, extortion, and ransomware. In a statement released…
FBI Issues Alert on Scattered Spider’s Growing Attacks Against Airlines Through Social Engineering On June 28, 2025, the Federal Bureau of Investigation (FBI) issued a warning regarding the cybercrime group known as Scattered Spider, which has notably expanded its attack vector to include the aviation sector. In light of this…
June 28, 2025
Cybercrime / Vulnerability
The U.S. Federal Bureau of Investigation (FBI) has reported that the notorious cybercrime group Scattered Spider is expanding its focus to the airline industry. The agency is actively collaborating with aviation and industry partners to address these threats and assist affected organizations. “These perpetrators exploit social engineering tactics, often impersonating employees or contractors to trick IT help desks into granting unauthorized access,” the FBI stated on X. “Their methods frequently include bypassing multi-factor authentication (MFA), such as persuading help desk services to add unauthorized MFA devices to compromised accounts.” Scattered Spider is also known to target third-party IT providers, increasing the risk of attacks on trusted vendors and contractors. These incidents often lead to data theft, extortion, and ransomware. In a statement released…
In a concerning development, a significant data breach linked to the Allianz Life ransomware attack has exposed nearly 3 million records from over a million individuals. This sensitive information, which includes names, addresses, phone numbers, dates of birth, Tax Identification Numbers, and social security numbers, has emerged on public internet…
Scattered Spider Compromises VMware ESXi to Launch Ransomware Against Critical U.S. Infrastructure
July 28, 2025
Cyber Attack / Ransomware
The infamous cybercrime group Scattered Spider is targeting VMware ESXi hypervisors in a series of attacks against the retail, airline, and transportation sectors in North America. According to an in-depth analysis by Google’s Mandiant team, “The group’s core tactics remain unchanged and do not depend on software exploits. Instead, they employ a strategic playbook that primarily involves phone calls to IT help desks.” The actors are described as aggressive and innovative, particularly adept at using social engineering to bypass even robust security systems. Their operations are precision-driven campaigns focused on the most critical systems and data of their victims. Also known as 0ktapus, Muddled Libra, Octo Tempest, and UNC3944, these threat actors have a track record of executing sophisticated social engineering tactics to gain initial access to target environments, subsequently employing a “living-off-the-land” (LotL) strategy by leveraging trusted administrative tools.
Scattered Spider Breaches VMware ESXi to Launch Ransomware Attacks on Critical U.S. Infrastructure July 28, 2025 In a concerning escalation of cyber threats, the cybercriminal group known as Scattered Spider has been orchestrating targeted attacks on VMware ESXi hypervisors, primarily affecting sectors such as retail, airlines, and transportation across North…
Scattered Spider Compromises VMware ESXi to Launch Ransomware Against Critical U.S. Infrastructure
July 28, 2025
Cyber Attack / Ransomware
The infamous cybercrime group Scattered Spider is targeting VMware ESXi hypervisors in a series of attacks against the retail, airline, and transportation sectors in North America. According to an in-depth analysis by Google’s Mandiant team, “The group’s core tactics remain unchanged and do not depend on software exploits. Instead, they employ a strategic playbook that primarily involves phone calls to IT help desks.” The actors are described as aggressive and innovative, particularly adept at using social engineering to bypass even robust security systems. Their operations are precision-driven campaigns focused on the most critical systems and data of their victims. Also known as 0ktapus, Muddled Libra, Octo Tempest, and UNC3944, these threat actors have a track record of executing sophisticated social engineering tactics to gain initial access to target environments, subsequently employing a “living-off-the-land” (LotL) strategy by leveraging trusted administrative tools.
Google Data Breach: Business User Information Compromised In a recent announcement, Google confirmed that a cyberattack attributed to the ShinyHunters ransomware group has led to unauthorized access of business user data within its corporate databases. The breach specifically targeted a Salesforce system that stores contact information for small and medium-sized…
